syslog-ng Premium Edition can send and receive log messages in a reliable way over the TCP transport layer using the Reliable Log Transfer Protocol™ (RLTP™). RLTP™ is a new transport protocol that prevents message loss during connection breaks. It detects the last received message on the receiving end and then starts resending messages from that point, ensuring messages are not duplicated at the receiving end in case of a connection break.

Disk-based Message Buffering

The Premium Edition of syslog-ng stores messages on the local hard disk if the central log server or the network connection becomes unavailable. The syslog-ng application automatically sends the stored messages to the server when the connection is reestablished, in the same order the messages were received. The disk buffer is persistent - no messages are lost even if syslog-ng is restarted.

Flow Control

Flow-control uses a control window to determine if there is free space in the output buffer of syslog-ng for new messages. If the output buffer is full, then the destination cannot accept new messages for some reason: for example, it is overloaded, or the network connection became unavailable. In such cases, syslog-ng stops reading messages from the source until some messages have been successfully sent to the destination.

Professional Support

Major releases of syslog-ng PE are supported and maintained for a long time, as described in the BalaBit version policy.

Scalability

Extreme Message Rate Collection

The syslog-ng application is optimized for performance and can handle enormous amounts of messages. Depending on its exact configuration, it has been known to process over 650,000 messages per second in real time, and over 24 GB of raw logs per hour on standard server hardware.

Collection from Thousands of Log Sources

With the syslog-ng client-relay architecture, IT organizations can collect log messages from more than 10,000 log sources across a geographically distributed environment on one central log server.

Security

Secure Transfer using SSL/TLS

Log messages may contain sensitive information that should not be accessed by third parties. Therefore, syslog-ng Premium Edition uses the Transport Layer Security (TLS) protocol to encrypt the communication. TLS also allows the mutual authentication of the host and the server using X.509 certificates.
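The persistent disk buffer, flow control and mutually authenticated TLS described above are all set in the syslog-ng configuration file. The following is an added example, not taken from the page or from BalaBit's documentation; the host name, port, certificate paths and buffer sizes are assumptions, and the option names follow syslog-ng's configuration language (PE 5 / OSE 3.x).

```conf
@version: 5.0

# --- Client side -------------------------------------------------------

# Messages collected on this host (system log socket plus syslog-ng's own).
source s_local {
    system();
    internal();
};

# Central log server over TLS with mutual X.509 authentication.
destination d_central {
    network("logserver.example.com" port(6514)        # assumed host and port
        transport("tls")
        tls(
            ca-dir("/etc/syslog-ng/ca.d")             # CA that signed the server cert
            key-file("/etc/syslog-ng/client.key")     # this client's private key
            cert-file("/etc/syslog-ng/client.crt")    # this client's certificate
            peer-verify("required-trusted")           # refuse servers without a trusted cert
        )
        # Persistent disk buffer: kept across restarts, replayed in order.
        disk-buffer(
            reliable(yes)
            disk-buf-size(2000000000)                 # 2 GB on disk
            mem-buf-size(163840000)                   # in-memory part, bytes
        )
    );
};

# flow-control: when the destination window is full, stop reading s_local
# instead of dropping messages.
log {
    source(s_local);
    destination(d_central);
    flags(flow-control);
};

# --- Server side (separate configuration on logserver.example.com) -------

# Accept TLS connections and require a client certificate signed by the CA.
source s_tls_in {
    network(ip("0.0.0.0") port(6514) transport("tls")
        tls(
            ca-dir("/etc/syslog-ng/ca.d")
            key-file("/etc/syslog-ng/server.key")
            cert-file("/etc/syslog-ng/server.crt")
            peer-verify("required-trusted")           # client cert mandatory
        )
    );
};
```

ca-dir() expects the CA certificates to be stored under their hashed file names (as produced by OpenSSL's c_rehash), otherwise peer verification fails on both sides.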

Secure, Encrypted Log Storage

The Premium Edition of syslog-ng can store log messages securely in encrypted, compressed, indexed, and timestamped binary files, so any sensitive data is available only to authorized personnel who hold the appropriate encryption key. Timestamps can be requested from external Timestamping Authorities.

Flexibility

Support for more than 50 Server Platforms

The syslog-ng Premium Edition application supports several architectures, including x86, x86_64, and SUN SPARC on a variety of operating systems.

The syslog-ng Premium Edition version 5 LTS offers complete support for Windows platforms. You can install the syslog-ng Premium Edition application on Windows operating systems as a client or central log server, or install the lightweight syslog-ng Agent for Windows.

Read Log Messages from Any Text File

Some applications use many different log files, and sometimes these files are not even located in the same folder. Automatically generated file and folder names are also often a problem. To solve these issues, the filenames and paths specifying the log files read by syslog-ng can include wildcards, and syslog-ng can automatically scan entire subfolder-trees for the specified files. The syslog-ng Premium Edition application is also able to process multi-line log messages, for example, Apache Tomcat messages.

Filter, Parse, Re-Write

The syslog-ng application can sort the incoming log messages based on their content and various parameters like the source host, application, and priority. Directories, files, and database tables can be created dynamically using macros. Complex filtering using regular expressions and boolean operators offers almost unlimited flexibility to forward only the important log messages to the selected destinations.

Normalize data with PatternDB

The syslog-ng application can compare the contents of the log messages to a database of predefined message patterns.

Real-time log message classification

By comparing log messages to known patterns, syslog-ng is able to identify the exact type of the messages and sort them into message classes. The message classes can be used to classify the type of event described in the log message. The message classes can be customized and can, for example, label the messages as user login, application crash, or file transfer events.

Extracting important information from messages

In addition to classifying messages, you can also add different tags which can be used later for filtering messages, for example, to collect messages tagged as user_login to a separate file or to perform conditional post processing on the tagged messages.

Real-time event correlation

syslog-ng also makes real-time event correlation possible. This can be useful in many different situations. For example, important data for a single event is often scattered across multiple syslog messages. Also, login and logout events are often logged far away from each other, even in different log files, making log analysis difficult. Using correlation, these can be collected into a single new message.

Feature                                                        | syslogd | syslog-ng OSE | syslog-ng PE | syslog-ng Store Box
---------------------------------------------------------------|---------|---------------|--------------|--------------------
Collect detailed statistics about the processed messages       |    -    |       ✔       |      ✔       |         ✔
  based on host, destination, message class, and so on         |         |               |              |
Windows server                                                 |    -    |       -       |      ✔       |         -
Windows client / relay                                         |    -    |       -       |      ✔       |         ✔
Hardware appliance                                             |    -    |       -       |      -       |         ✔
Web-based management interface                                 |    -    |       -       |      -       |         ✔
High-availability support                                      |    -    |       -       |      -       |         ✔
Integrated log browsing and searching interface                |    -    |       -       |      -       |         ✔
Customizable reporting capabilities                            |    -    |       -       |      -       |         ✔
Multi-thread processing                                        |    -    |       ✔       |      ✔       |         ✔
Sending SNMP traps                                             |    -    |       -       |      ✔       |         ✔
SQL source                                                     |    -    |       -       |      ✔       |         ✔
RLTP (Reliable Log Transfer Protocol)                          |    -    |       -       |      ✔       |         -
Reliable disk buffer                                           |    -    |       -       |      ✔       |         -
Message rate alerts                                            |    -    |       -       |      -       |         ✔
MongoDB output                                                 |    -    |       ✔       |      -       |         -
JSON output and parser                                         |    -    |       ✔       |      -       |         -
AMQP output                                                    |    -    |       ✔       |      -       |         -

What does syslog-ng PE offer over syslogd?
The syslogd application is the standard system logging application used by network devices like switches and routers, as well as servers running Unix-based operating systems, including Linux, HP-UX, BSD, Solaris, and AIX, but excluding Microsoft Windows. The implementations of syslogd on the different operating systems are in part system-specific, while syslog-ng has higher portability, using the same codebase on every platform. Regarding reliability, syslogd does nothing to ensure that the sent messages really arrive at the server. It uses the unreliable UDP network protocol, meaning that messages can get lost on the network without the sender or the server ever noticing. Additionally, syslogd simply drops messages when the server is unavailable or overloaded. It cannot encrypt messages, and the server can output the logs only into text files. The syslog-ng application offers improved reliability and powerful message processing capabilities, as well as several other features and optional vendor support.

What does syslog-ng PE offer over syslog-ng OSE?
The syslog-ng Open Source Edition (syslog-ng OSE) application is the most popular and widespread alternative system logging application in the world, having replaced syslogd on tens of thousands of systems. It has several features surpassing syslogd, including reliable message transfer using the TCP protocol, secure message transfer using TLS, the ability to send log messages directly to an SQL database like MySQL or PostgreSQL, and the possibility to control the flow of messages to handle minor server outages. But only syslog-ng PE has the more advanced features of buffering the messages on the hard disk, storing messages in encrypted log files, reading messages from arbitrary files, and support for Microsoft Windows and IBM System i operating systems.
The following table summarizes the main differences between the syslogd, syslog-ng Open Source Edition (OSE), and syslog-ng Premium Edition (PE). For a more in-depth technical comparison, see the detailed feature comparison between syslogd, syslog-ng OSE, and syslog-ng PE.
If you want to see the cost benefits of syslog-ng PE usage over syslog-ng OSE, please try our ROI calculator.

What does syslog-ng Store Box offer over other versions?
The syslog-ng Store Box (SSB) is a central logserver appliance. It is built around syslog-ng PE, and offers a complete turn-key solution for managing your logs, including log collection, encrypted storage, automatic archiving and backups. SSB is managed from a web interface offering powerful log searching, browsing, and reporting capabilities, as well as high-availability support. For details, see the syslog-ng Store Box product page.

What does syslog-ng offer over rsyslog?
Another popular syslog implementation is rsyslog. While it is often used as an easy upgrade path from traditional syslogd, there are many reasons to change to syslog-ng instead. The syslog-ng application has a well-structured configuration format, support for a wider diversity of platforms, and real-time message classification and correlation, and all of these features are very well documented. For a more in-depth comparison, see the detailed comparison between rsyslog and syslog-ng.

Shell Control Box - Activity Monitoring

Shell Control Box is an excellent monitoring tool that can effectively monitor and control your internal and external system administrators, collect reliable information about potential existing risks, and thereby improve the progress of your business operations.

Shell Control Box is an activity monitoring appliance that controls privileged access to remote servers and networking devices and records activities in movie-like audit trails that can be searched and replayed.

Features

Review of visited HTTP pages
To improve the possibilities of auditing HTTP and HTTPS traffic, the Audit Player can render the visited web page like a web browser. You can scroll the page and click on the links, and the Player will display their contents. If the audit trail contains a form that the user has filled in, Audit Player can also display the form with the values filled in.

Real-time content monitoring in graphical protocols
SCB 3 F5 can detect the windows appearing in RDP and VNC protocols. This allows you, for example, to store the list of windows displayed in a connection and raise an alert if a particular window appears (for example, because the user starts a suspicious application).

Integrating third-party password managers
SCB 3 F5 provides a framework to integrate with external Credential Store and Password Management systems. This framework makes integration with the leading password management systems possible and allows you to completely separate user credentials from the credentials used to access the servers.

Zorp provides complete control over regular and encrypted network traffic, with the capability to filter and also modify the content of the traffic.

The Zorp gateway technology

Zorp™ technology is a robust perimeter defense tool, developed for companies with extensive networks and other institutions with high security requirements. During Zorp's design, the developers abandoned the traditional firewall architecture and designed a tool that can answer the security challenges of today and tomorrow.

Owing to the modular architecture, the new gateway can be easily extended with new modules handling new protocols, and is capable of handling the different layers of embedded communication standards.

Based on the information obtained from the thorough inspection of network traffic, the graphical configuration interface backed with custom scripting enables the administrator to implement the network security policy of the company without any trade-offs. Advanced authentication services like Single Sign On and user-level QoS can be configured using the flexible authentication capabilities of the product.

Typical end-users

The protection provided by the Zorp™ application-level perimeter defense technology satisfies even the highest security needs. The typical users of Zorp™ come from the governmental, financial, and telecommunication sectors, as well as industrial companies.

This technology is especially useful in the following situations:

To protect networks that handle sensitive data or provide critical business processes.